SpamAssassin

We run a program called SpamAssassin on the mail server. SpamAssassin uses a variety of local and network tests to identify spam and adds headers to incoming messages indicating the results. These headers can be used to filter the messages identified as spam. As of this update (June 2006), SpamAssassin is not enabled on user accounts by default.

Since the mail server upgrades described at MailServerUpgrade2006, the program procmail runs automatically when mail is delivered (indeed, it is the MDA in our mail server setup). If you have anything to do with procmail in your ~/.forward file, you should remove it. In fact, you should probably never need a ~/.forward file anymore.

Enabling spam filtering

To have procmail pass incoming messages through SpamAssassin, you need to create (or edit) the file ~/.procmailrc on your unix account. It should contain only the following line:

INCLUDERC=/etc/mail/spamassassin/spamassassin-spamc.rc

This will include the system-wide procmail recipes that invoke SpamAssassin.

Note that this file must have permissions 644 (a.k.a. rw-r--r--, a.k.a. not writable by group or other), or procmail will ignore it.

Note that this will not actually remove spam from your inbox. It will simply add headers (and change the subject line) to indicate messages that it thinks are spam. Use your mail client to inspect the headers of incoming messages and you will see the results of SpamAssassin's work.

Automatically filing spam

If you prefer to have procmail file the messages SpamAssassin identifies as spam, add the following recipe to ~/.procmailrc:

:0:
* ^X-Spam-Status: Yes
mail/Junk

This will file classified-as-spam messages to ~/mail/Junk, which is a convenient place for some mail clients to use for junk mail. You can of course use a different filename if you like. You will have to look in that mailbox if you think a message was mis-filed.

Spam detection with smart mail clients

An advantage of letting your client do the filing (i.e., not using the second recipe above) is that it may be able to do things like whitelisting senders from your address book, to which of course SpamAssassin doesn't autmatically have access. The Mac OSX Mail.app is particularly nice for this. There is a setting "Trust spam headers from my ISP" which causes it to use the SpamAssassin output, and there are checkboxes for not junking certain types of messages based on your Address Book.

If you have a smart mail client, you might find that you would rather not have the string [SPAM] added by SpamAssassin (since although the client might whitelist the message, the subject line will still be munged). To disable this rewriting, add the following to ~/.spamassassin/user_prefs:

rewrite_header Subject

This somewhat unintuitively means to rewrite the Subject header with nothing, effectively not rewriting it.

Improving spam detection (whitelisting and blacklisting)

If you use a mail client that does not provide whitelisting features, you can set it up manually by creating (or editing) the file ~/.spamassassin/user_prefs on your unix account.

To whitelist a single address, add the following:

whitelist_from someone@someaddress.com

To whitelist an entire domain, use a wildcard like this:

whitelist_from *anotheraddress.com

Similarly you can use blacklist_from to force SpamAssassin to always tag messages from addresses (or domains) to always be tagged as spam.